N/A Published on 2012-06-05

CVE-2012-1945

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

EPSS 0.2% percentile 40.8%

Affected tracked apps

Thunderbird

winget:Mozilla.Thunderbird

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:5.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:6.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:6.0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:6.0.2:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:7.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:7.0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:8.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:9.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:9.0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:10.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:10.0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:10.0.2:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:10.0.3:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:10.0.4:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:11.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:12.0:::::::*

View on NVD ↗